Category Archives: Automation

Certificate management with Azure Automation and Let’s Encrypt

The Let’s Encrypt project has had a lasting impact on the Internet landscape. Free SSL certificates for everyone can be created automatically and signed by Let’s Encrypt. Due to the broad acceptance by browser manufacturers and cross-signing, the certificates are valid almost everywhere.
However, an automated solution is absolutely necessary due to the short validity period of 90 days. Using PowerShell in Azure Automation, a workflow can be created that takes care of certificate renewal and secure central storage. This workflow is the optimal basis for distributing the certificates to the actual service.

The basis for such an automation solution is provided by AzAutomation-PoshACME

Continue reading

AzureRM.Network 0.9 breaks Azure Automation Runbooks

If you are using Azure Automation and use the AzureRM.Network module in one of the versions from 0.9.0 to min. 0.10.0, you may experience problems running Azure Automation Runbooks.

If the runbooks used are more complex overall, this version may result in a high memory load. If more than 400 MB RAM are used, the runbook ends after three attempts in the status “Suspended”.

The runbook job was attempted 3 times, but it failed each time. Common reasons that runbook jobs fail can be found here:
https://docs.Microsoft.com/en-us/Azure/automation/automation-troubleshooting-automation-errors

A downgrade to version 6.8.0 is required. The easiest way, of course, is with PowerShell.

$ModuleName = "AzureRM.Network"
$MaxVersion = "6.8.0"

# Gather information
$AffectedAutomationAccounts = Get-AzureRmAutomationAccount | Get-AzureRmAutomationModule -Name AzureRM.Network | Where-Object {$_.Version -gt $MaxVersion }

# Review
$AffectedAutomationAccounts | Select-Object ResourceGroupName, AutomationAccountName, Name, Version

#region Redeploy
Write-Verbose "Generate RootTemplate.json in `"DevOpsgallerystorage.blob.core.windows.net`""
$uri = "https://www.PowerShellgallery.com/packages/$ModuleName/$MaxVersion/DeployItemToAzureAutomation?itemType=PSModule&requireLicenseAcceptance=False"
# This only generates the RootTemplate.json for the specified version. It simulates the Button "Deploy to Azure Automation" on the Gallery
Invoke-WebRequest $uri | Out-Null

# Download JSON 
$uri = "https://DevOpsgallerystorage.blob.core.windows.net/armtemplates/$ModuleName/$MaxVersion/RootTemplate.json"
$templateFileName = ".\RootTemplate.$ModuleName.$ModuleVersion.json"
Invoke-WebRequest -Uri $uri -OutFile $templateFileName | Out-Null

$AffectedAutomationAccounts | ForEach-Object {
    $AutomationAccountLocation = Get-AzureRmAutomationAccount -ResourceGroupName $_.ResourceGroupName -Name $_.AutomationAccountName | Select-Object -ExpandProperty Location
    $parameters = @{
        "Automation Account Name"            = $_.AutomationAccountName
        "Automation Account Location"        = "$AutomationAccountLocation"
        "New or existing Automation account" = "Existing"
    }
    $params = @{
        "ResourceGroupName"       = $_.ResourceGroupName
        "TemplateFile"            = $templateFileName 
        "TemplateParameterObject" = $parameters
        "Mode"                    = 'Incremental'
    }
    New-AzureRmResourceGroupDeployment @params
}
#endregion